Snort logging portscans from dns
Any ideas why Snort is logging portscans from 2 of my provider's
DNS servers? I see this every day. It's making only UDP
connections based on the log:
Mar 19 13:00:47 myhost snort: spp_portscan: portscan status
from +216.148.227.68: 6 connections across 1 hosts: TCP(0),
UDP(6)
I think this is due to the DNS servers making several connections
in my firewall/nat gateway in a short period of time. But I'm
not sure.
thanks,
jc
--
Jeff Coppock Systems Engineer
Diggin' Debian Admin and User
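
Added example, not part of the original post: a small triage script that parses spp_portscan status lines in the format quoted above and separates UDP-only alerts from listed resolvers, which hit a single host, from alerts that need review. The resolver list, the second address in it and all sample lines after the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Pattern follows the spp_portscan status line quoted in the post; the "+"
# before the address is treated as optional.
STATUS_RE = re.compile(
    r"spp_portscan: portscan status from \+?(?P<src>\d{1,3}(?:\.\d{1,3}){3}): "
    r"(?P<conns>\d+) connections across (?P<hosts>\d+) hosts: "
    r"TCP\((?P<tcp>\d+)\), UDP\((?P<udp>\d+)\)"
)

# Assumption: the address from the post is one of the provider's resolvers;
# 192.0.2.53 is a constructed second resolver.
RESOLVERS = {"216.148.227.68", "192.0.2.53"}

SAMPLE_LOG = [  # first line is from the post, the rest are constructed
    "Mar 19 13:00:47 myhost snort: spp_portscan: portscan status from +216.148.227.68: 6 connections across 1 hosts: TCP(0), UDP(6)",
    "Mar 19 13:05:12 myhost snort: spp_portscan: portscan status from 216.148.227.68: 4 connections across 1 hosts: TCP(0), UDP(4)",
    "Mar 19 13:07:30 myhost snort: spp_portscan: portscan status from 198.51.100.23: 40 connections across 12 hosts: TCP(40), UDP(0)",
    "Mar 19 13:09:02 myhost snort: spp_portscan: portscan status from 192.0.2.53: 9 connections across 3 hosts: TCP(5), UDP(4)",
    "Mar 19 13:09:40 myhost sshd[411]: unrelated line",
]

def parse_status(line):
    """Return the counters from one status line, or None if it is not one."""
    m = STATUS_RE.search(line)
    if m is None:
        return None
    return {"src": m["src"], **{k: int(m[k]) for k in ("conns", "hosts", "tcp", "udp")}}

def triage(lines, resolvers):
    """Map each source address to 'likely-dns-replies' or 'review'."""
    totals = defaultdict(lambda: {"tcp": 0, "udp": 0, "max_hosts": 0})
    for rec in filter(None, map(parse_status, lines)):
        t = totals[rec["src"]]
        t["tcp"] += rec["tcp"]
        t["udp"] += rec["udp"]
        t["max_hosts"] = max(t["max_hosts"], rec["hosts"])
    return {
        src: "likely-dns-replies"
        if src in resolvers and t["tcp"] == 0 and t["udp"] > 0 and t["max_hosts"] == 1
        else "review"
        for src, t in totals.items()
    }

if __name__ == "__main__":
    for src, verdict in sorted(triage(SAMPLE_LOG, RESOLVERS).items()):
        print(src, verdict)
```

Sources reported as likely-dns-replies are candidates for Snort's portscan-ignorehosts preprocessor list; a listed resolver that shows TCP or touches several hosts still lands in review.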